WinXP Service Pack 2 in the Enterprise

ShrewLWD (Weaksauce, joined Feb 12, 2002, 74 messages)

Hey guys,

Most topics I have found deal with WinXP's SP2 on standalone machines.
What issues are you seeing for the enterprise? I'm a netadmin for a 200+ business, all WinXP and Win2000 servers.

Obviously, the firewall left turned on is an issue, but I have found turning it off causes the nag screen to pop up constantly. Ditto for turning off auto-update. Are there registry tweaks for stopping the nag?

I'm aware of some Dells being downgraded to a super slow processor speed, as well as a few issues with some 3rd party programs. I've researched MS's list of known problems with xpsp2 too.

What other things concern you/do you like?
 
If you already have a firewall and antivirus, and push monthly updates anyway, what's the use? Stick to SP1.
 
omega-x said:
If you already have a firewall and antivirus, and push monthly updates anyway, what's the use? Stick to SP1.

This is killing me... :p There is no "sticking to SP1" since SP2 is designed to become a part of the OS and updates will be built upon it. If you have XP you will get SP2 eventually, and if you're smart enough, right now. As for the enterprise, MS has several docs written up that cover exactly how to deploy it in every shape and form, including how to deploy it with the firewall already turned off, autoupdates doing whatever you want, etc. http://www.microsoft.com/technet/pr.../winxpsp2.mspx#XSLTdivision122120125121120120

And you should seriously consider running SUS. It allows you to control what updates go out on your own schedule, as well as allow you to guarantee they go out. You can force all your computers to pull from only your update server, etc. via group policy. It's free as well. :) http://www.microsoft.com/windowsserversystem/sus/default.mspx
 
I would hope that with a network that large you would have AD in place and some type of group policy? There are SP2 group policy settings that you can set; those settings range from turning the firewall on or off and not nagging you, and besides, if it's set by GPO you cannot turn it on!!! That is how I am managing it. As for releasing it, I have only released it to small numbers, but then I have used managed installs and it has worked nicely.
 
TEST! TEST! TEST! and TEST AGAIN!

It cannot be stressed enough that you need to test SP2 on a test machine or a few machines that represent a good cross section of systems in the business. No one should be deploying SP2 without first knowing *if* it breaks any business specific applications or knowing what potential problems exist.

We can spend all day going over "what if" scenarios, but in reality you should be testing this out for yourself and learning how to deal with any issues that may come up.

On a separate note, every workstation I have installed SP2 on that is part of a domain does not produce the nag screen when the firewall is turned off. There are GPs that can be applied to turn off the security center as well as the firewall.
 
No nag screens here, but I only have it on 3 machines (out of 4 XP machines total - more Windows 2000 systems though).
1) Go read docs on the MS site. In addition to a GPO to control the firewall behavior, you can create an INF file that has the settings for the firewall and put that on every machine.
2) Never opt for not deploying SPs and security fixes.
3) You should already be controlling autoupdate by using a GPO that tells all the machines to get updates from your SUS server. SUS could not possibly be cheaper or easier to deploy, and it covers one of the most important roles in your organization. Go here - on the right hand side there is a deployment white paper that will help you out.
 
In a domain environment, security center does not nag you. In a domain environment, you can push down group policy to turn off the firewall - or disable the firewall before you push out SP2.

I would recommend first testing SP2 with your mission-critical applications to ensure that everyone will still be able to do their work, and then if everything looks okay (or is easy enough to fix), roll out SP2 to your users.
 
Even with standalone machines you can set Security Center to not monitor firewall/AV status. No nag.
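
One way to confirm that the Group Policy settings discussed in this thread (firewall state, Automatic Updates pointed at an internal SUS server) actually reached a workstation. This is an added example, not code from any poster: it parses a constructed registry export, the server name `sus.example.local` is a placeholder, and the function names are hypothetical.

```python
import re

# Constructed sample of `reg export` text from a hypothetical domain
# workstation; the update server name is a placeholder.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://sus.example.local"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"UseWUServer"=dword:00000001
'''

POL = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft"

def parse_reg(text):
    """Parse .reg text into {key_path_lower: {value_name_lower: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$', line)
            if m:
                name, dword, string = m.groups()
                current[name.lower()] = int(dword, 16) if dword else string
    return keys

def audit(text):
    """Report what policy (not local settings) dictates on this machine."""
    keys = parse_reg(text)
    def get(path, name):
        return keys.get((POL + path).lower(), {}).get(name.lower())
    fw = get(r"\WindowsFirewall\DomainProfile", "EnableFirewall")
    use_wu = get(r"\Windows\WindowsUpdate\AU", "UseWUServer")
    server = get(r"\Windows\WindowsUpdate", "WUServer")
    states = {None: "not managed", 0: "forced off", 1: "forced on"}
    return {
        # None means no policy value exists: the local setting applies.
        "firewall_policy": states.get(fw, "unknown"),
        "updates_from_internal_server": use_wu == 1 and bool(server),
        "update_server": server,
    }

if __name__ == "__main__":
    for item, state in audit(SAMPLE_REG).items():
        print(f"{item}: {state}")
```

A result of "not managed" on a domain machine means the firewall GPO never applied there, so that machine is running on whatever the local user chose.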
 